<?php
// database connection
include_once("db.inc.php");

//start session
session_start();

//recovery data
$login = isset($_POST["login"]) ? addslashes(trim($_POST["login"])) : FALSE;
$password = isset($_POST["password"]) ? md5(trim($_POST["password"])) : FALSE;
//no login or password
if(!$login || !$password)
{
	$_loginMessage="Login or password empty!";
	include_once("formLogin.php");
}

// check username and password on database
$SQL = "SELECT email,ui_password FROM users WHERE email='$login'";
$result_id = @mysql_query($SQL) or die("Database error!");
$total = @mysql_num_rows($result_id);

if($total)
{
	$dados = @mysql_fetch_array($result_id);
	if(!strcmp($password, $dados["ui_password"]))
	{
		$_SESSION["login"]=$dados["email"];
		header("Location: index.php");
	}

	//invalid password
	else
	{
		$_loginMessage="Invalid username or password";
		exit;
	}
}
else
{
	$_loginMessage="Invalid username or password";
	include_once("formLogin.php");
	exit;
}
?>
